On Mon October 19 2009 2:16:32 pm Oliver Wulff wrote:
> Hi Dan
> 
> I'll update the wsdl accordingly and give it a try. You agree that this is
>  more a workaround because the drawback is that the soap action changes
>  depending on the used ws-trust binding (issue, validate, ...) even though the
>  same wsdl operation is used. I think this should be managed by the
>  STSClient. What do you think?

Well, yes and no.   One of the problems I have with WS-Trust is that you 
cannot describe the service in a single portType in a WS-I BP compliant 
manner.   Kind of annoying.  Makes looking things up a little harder.  
Ideally, there would be separate operations for cancel/issue/validate that had 
proper actions defined for each.    Unfortunately, such a portType wouldn't be 
wsi-bp compliant due to all three using the same element name.   However, you 
could set up your wsdl to have three separate operations with the three 
separate actions and it should work.

In any case, I've updated the STSClient to be smarter about it.  If there isn't 
an operation with the given action, it finds the operation with the 
RequestSecurityToken element name for its part and then forces an override of 
the action.  That SHOULD solve this for your case as well.

Dan



> 
> Thanks
> Oliver
> 
> ________________________________
> 
> From: Daniel Kulp [mailto:[email protected]]
> Sent: Mon 19.10.2009 18:49
> To: [email protected]
> Cc: Oliver Wulff
> Subject: Re: AW: STS Client, Bearer KeyType results in empty soap message
> 
> 
> 
> 
> 
> Oliver,
> 
> The wsdl you have for the trust  server is slightly problematic.   The
> soap:operation soapAction needs to be set properly.  Instead of:
>             <soap:operation soapAction="" style="document"/>
> 
> if you set it to:
> http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue
> 
> I think it will work.    That said, we definitely should handle this better
> and I'm updating the STSClient findOperation method to handle this.
> 
> Dan
> 
> On Mon October 19 2009 9:51:27 am Oliver Wulff wrote:
> > I've attached the testcase.
> >
> > 1) update the location address of the wsdl port SignedSAMLSenderVouches
> > in wsdl/ws-trust-1.3-soap.wsdl to a valid endpoint address. No valid
> > WS-Trust endpoint is required. All you want to see is that the
> >  LoggingOutInterceptor in the client logs an empty soap message which is
> >  sent.
> >
> > 2) run
> > mvn -Psecure.client
> >
> > You should now see that the outgoing message is an empty soap message:
> > 19.10.2009 14:46:37 org.apache.cxf.interceptor.LoggingOutInterceptor$LoggingCallback onClose
> > INFO: Outbound Message
> > ---------------------------
> > ID: 1
> > Address: https://b0d0hr02.ch.zurich.com:57076/services/security/SecurityTokenServiceSOAPService/SignedSAMLSenderVouches
> > Encoding: UTF-8
> > Content-Type: text/xml
> > Headers: {SOAPAction=[""], Accept=[*/*]}
> > Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body /></soap:Envelope>
> >
> > Thanks
> > Oliver
> >
> > ________________________________
> >
> > From: Oliver Wulff [mailto:[email protected]]
> > Sent: Mon 19.10.2009 07:45
> > To: [email protected]
> > Subject: STS Client, Bearer KeyType results in empty soap message
> >
> >
> >
> > Hi there
> >
> > My web service has defined an IssuedToken policy where KeyType is Bearer:
> >
> >     <sp:IssuedToken xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >       <sp:RequestSecurityTokenTemplate>
> >         <trust:TokenType xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</trust:TokenType>
> >         <trust:KeyType xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://docs.oasis-open.org/ws-sx/wstrust/200512/Bearer</trust:KeyType>
> >       </sp:RequestSecurityTokenTemplate>
> >     </sp:IssuedToken>
> >
> >
> > Unfortunately, the sent request to the STS is an empty soap message:
> >
> > INFO: Outbound Message
> > ---------------------------
> > ID: 1
> > Address: https://b0d0hr02:57076/services/security/SecurityTokenServiceSOAPService/SignedSAMLSenderVouches
> > Encoding: UTF-8
> > Content-Type: text/xml
> > Headers: {SOAPAction=[""], Accept=[*/*]}
> > Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body /></soap:Envelope>
> >
> >
> > I have debugged the STSClient and the writeStartElement and
> > writeEndElement seem to be correct. But for some reason, the translation
> > into DOMSource seems not to work: Object obj[] = client.invoke(boi, new
> >  DOMSource(writer.getDocument().getDocumentElement()));
> >
> > Do you have any ideas?
> >
> > Thanks
> > Oliver
> 
> --
> Daniel Kulp
> [email protected]
> http://www.dankulp.com/blog
> 

-- 
Daniel Kulp
[email protected]
http://www.dankulp.com/blog
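
The operation lookup described in the reply above (match on the action first, otherwise fall back to the operation whose part is the RequestSecurityToken element and override its action), modelled in Python over a constructed WSDL. This is an added example, not CXF's code and not part of the original thread; `find_operation`, `local`, the sample WSDL's names and the `urn:example:sts` namespace are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"wsdl": "http://schemas.xmlsoap.org/wsdl/",
      "soap": "http://schemas.xmlsoap.org/wsdl/soap/"}
ISSUE_ACTION = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"

# Constructed WSDL (names and namespace are made up) with the empty soapAction from the thread.
SAMPLE_WSDL = """<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
    xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
    xmlns:tns="urn:example:sts" targetNamespace="urn:example:sts">
  <wsdl:message name="RSTMessage">
    <wsdl:part name="request" element="wst:RequestSecurityToken"/>
  </wsdl:message>
  <wsdl:portType name="STS">
    <wsdl:operation name="RequestSecurityToken">
      <wsdl:input message="tns:RSTMessage"/>
    </wsdl:operation>
  </wsdl:portType>
  <wsdl:binding name="STSBinding" type="tns:STS">
    <wsdl:operation name="RequestSecurityToken">
      <soap:operation soapAction="" style="document"/>
    </wsdl:operation>
  </wsdl:binding>
</wsdl:definitions>"""

def local(qname):
    return qname.split(":")[-1]

def find_operation(wsdl_text, wanted_action):
    """Return (operation, action, overridden) or None if nothing can carry the request."""
    root = ET.fromstring(wsdl_text)
    # message name -> local name of the element its first part refers to
    part_el = {m.get("name"): local(p.get("element", ""))
               for m in root.findall("wsdl:message", NS)
               for p in m.findall("wsdl:part", NS)[:1]}
    # portType operation name -> input message name
    op_input = {o.get("name"): local(i.get("message", ""))
                for o in root.findall("wsdl:portType/wsdl:operation", NS)
                for i in o.findall("wsdl:input", NS)[:1]}
    fallback = None
    for op in root.findall("wsdl:binding/wsdl:operation", NS):
        soap_op = op.find("soap:operation", NS)
        action = soap_op.get("soapAction", "") if soap_op is not None else ""
        if action == wanted_action:              # first choice: exact action match
            return op.get("name"), action, False
        if fallback is None and part_el.get(op_input.get(op.get("name"))) == "RequestSecurityToken":
            fallback = op.get("name")            # remember the RST-carrying operation
    # no action matched: use the RST operation and force the wanted action onto it
    return (fallback, wanted_action, True) if fallback else None
```

A result with `overridden` set to true flags a WSDL whose `soapAction` should be corrected at the source, as suggested earlier in the thread.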
